Confidential Info
1 Summary
1.1 Principles
1.1.1 Containment by small/constrained team (output/status)
1.1.2 Multiple small teams
1.1.3 Full disclosure
1.1.4 Need-to-work
1.1.5 Define several levels of disclosure (Chatham House Rule)
1.1.5.1 http://www.chathamhouse.org.uk/about/chathamhouserule/
1.1.6 How to protect sensitive info?
1.1.6.1 Attribution -- to a specific organization or shared anonymously
1.1.6.1.1 Yes
1.1.6.1.2 No -- what mechanism for sharing?
1.1.6.2 Attempt to obtain/produce info without need for NDAs
1.1.6.3 Have the source "sanitize" the information before sharing it
1.1.6.4 Share w/ICANN staff -- or independent 3rd party
1.1.6.5 Sanitizing -- not just identity -- strategic/"real" info
1.1.6.6 Tradeoff -- protecting information vs useful report
1.1.7 Levels of confidentiality
1.1.7.1 What is sensitive
1.1.7.1.1 Who defines it as sensitive?
1.1.7.1.2 Ascertain sensitive info from source
1.1.7.2 Chatham House is the lower level of confidentiality
1.1.7.3 Levels
1.1.7.3.1 Highest "most sensitive" material
1.1.7.3.1.1 Confidential or Classified - available only to some WG members; proprietary information
1.1.7.3.2 Mid-level(s)
1.1.7.3.2.1 More sensitive - available for internal use to all WG members (with attribution/description)
1.1.7.3.2.2 Chatham House
1.1.7.3.2.2.1 "When a meeting, or part thereof, is held under the Chatham House Rule, participants are free to use the information received, but neither the identity nor the affiliation of the speaker(s), nor that of any other participant, may be revealed."
1.1.7.3.3 Lowest
1.1.7.3.3.1 Public - can be published on the WG wiki, with attribution
1.1.7.4 Disclosure
1.1.7.4.1 Internal to Sub-team
1.1.7.4.2 Internal to DSSA
1.1.7.4.3 External
1.1.7.4.3.1 Yes or no
1.1.7.4.3.2 Published or not
1.1.7.4.4 Need to clearly define/track who is internal to DSSA WG and sub-teams?
1.1.8 NDAs
1.1.8.1 Sign legal document
1.1.8.2 Use the non-disclosure section in the DSSA charter; no additional agreement
1.1.8.3 Sign agreement from the start or for special occasions? -- Mandatory to sign at the beginning.
1.2 Mechanisms for:
1.2.1 Agreeing to public output
1.2.2 Enforcement
1.2.3 Sharing without attribution
1.2.4 Mechanism for classification
1.3 Types of confidential material
1.3.1 Data (for analysis)
1.3.2 Internal processes/trade secrets
1.3.2.1 May require compartmentalization
1.4 Platform (prototype) NEISAS
1.4.1 Share confidential information in a trusted model
1.4.2 Share messages
1.4.3 Share documents
1.4.4 Security?
1.4.4.1 CSIRTs use this tool
1.4.5 How much does it cost?
1.4.6 Web site -- www.neisas.eu (maybe)
1.4.6.1 Action item: explore Neisas and report back to the group
1.5 Code of conduct for group?
1.5.1 Charter sufficient?
2 Charter
2.1 Principles
2.1.1 Sub-working groups may need to access sensitive or proprietary information in order for the DSSA to do its work
2.1.2 These procedures are an exception to accountability and transparency standards
2.1.3 No formal NDA required for membership in the DSSA
2.2 Sub-working groups
2.2.1 Only required where members of sub-working groups need to access and protect confidential information
2.2.1.1 If needed: sub-WG members sign formal Affirmation of Confidentiality and Non-Disclosure agreement
2.2.1.2 If needed: project or issue-specific Non-Disclosure Agreement
2.2.1.3 If needed: separate private sub-working group email lists